VDB
CVE-2008-3398
CVE-2008-3398
PUBLISHED
CVSS 2.5999999046325684 LOW
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
EPSS 6.49% · 91.3th percentile
Risk Scores
CVSS 2.0
2.5999999046325684
EPSS Score
6.49%
91.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| xrms | xrms_crm | 1.99.2 |
Timeline
- Jul 25, 2008 PoC Published
- Jul 31, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- xrmscrm-msg-xss(43994) vdb
- 30369 vdb
- 6131 exploit
- 31233 third-party-advisory
- 20080725 XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities mailing-list
- 4081 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-3398 advisory